The invention relates to securing a manufacturing supply chain where devices are manufactured with digital identities attested to by digital certificates. Specifically, the invention relates to systems and methods for digitally signing digital certificates such that devices manufactured without proper authority can be identified and deactivated.
Public Key Infrastructure (PKI) is a system for cryptographically binding a public key pair to an object identity (e.g., a person, a software module, an electronic device). Possession of the private key portion of the key pair is used to prove ownership of the identity. In PKI digital certificates are issued to the object and checked prior to allowing the object to operate. In the most usual embodiment of PKI, a certificate authority (CA) binds a public key to the object through a registration and issuance process (i.e., signing of the digital certificate by the CA's credentials). If such a CA should become compromised (e.g., loss or theft of the CA's credentials), PKI systems usually revoke the certificate for the CA, invalidating all digital certificates signed by the CA. In a PKI designed for a manufacturing supply chain, such an action could invalidate millions of already manufactured and sold devices, even if they were legitimately manufactured. The invention relates to approaches to mitigate these issues.
Intellectual property owners who use contract manufacturers to produce devices or who license their technology to other manufacturers use PKI to ensure that devices are not manufactured without proper reimbursement to the intellectual property owner. For example, providers of network interface cards (NIC) use PKI to digitally sign NIC certificates during manufacture. Once deployed into the field, the digital certificates of the NICs are verified before the NIC is able to communicate with other NICs. If NICs are manufactured without authority (e.g., a CA is stolen, NICs are manufactured at times the plant is supposed to be closed, i.e., “midnight manufacturing”), one mechanism for recovery is to revoke the CA certificate in lieu of revoking the individual NIC certificates. This can result in a large number of NICs being invalidated, even if they were manufactured prior to the CA being compromised, and are thus valid NICs. Replacement of the NICs or of the NICs certificates can be very expensive and may not even be possible.